PHP Cross Reference of Unnamed Project |
SetACL by Helge Klein

Homepage:        http://setacl.sourceforge.net
Version:         2.0.2.0
Copyright:       Helge Klein
License:         GPL

-O-P-T-I-O-N-S--------------------------------------------------------

-on    ObjectName

-ot    ObjectType

-actn  Action

-ace   "n:Trustee;p:Permission;s:IsSID;i:Inheritance;m:Mode;w:Where"

-trst  "n1:Trustee;n2:Trustee;s1:IsSID;s2:IsSID;ta:TrusteeAction;w:Where"

-dom   "n1:Domain;n2:Domain;da:DomainAction;w:Where"

-ownr  "n:Trustee;s:IsSID"

-grp   "n:Trustee;s:IsSID"

-rec   Recursion

-op    "dacl:Protection;sacl:Protection"

-rst   Where

-lst   "f:Format;w:What;i:ListInherited;s:DisplaySID"

-bckp  Filename

-log   Filename

-fltr  Keyword

-clr   Where

-silent

-ignoreerr

-P-A-R-A-M-E-T-E-R-S-------------------------------------------------

ObjectName:      Name of the object to process (e.g. 'c:\mydir')

ObjectType:      Type of object:

                 file:       Directory/file
                 reg:        Registry key
                 srv:        Service
                 prn:        Printer
                 shr:        Network share

Action:          Action(s) to perform:

                 ace:        Process ACEs specified by parameter(s) '-ace'
                 trustee:    Process trustee(s) specified by parameter(s)
                             '-trst'.
                 domain:     Process domain(s) specified by parameter(s)
                             '-dom'.
                 list:       List permissions. A backup file can be
                             specified by parameter '-bckp'. Controlled by
                             parameter '-lst'.
                 restore:    Restore entire security descriptors backed up
                             using the list function. A file containing the
                             backup has to be specified using the parameter
                             '-bckp'. The listing has to be in SDDL format.
                 setowner:   Set the owner to trustee specified by parameter
                             '-ownr'.
                 setgroup:   Set the primary group to trustee specified by
                             parameter '-grp'.
                 clear:      Clear the ACL of any non-inherited ACEs. The
                             parameter '-clr' controls whether to do this for
                             the DACL, the SACL, or both.
                 setprot:    Set the flag 'allow inheritable permissions from
                             the parent object to propagate to this object' to
                             the value specified by parameter '-op'.
                 rstchldrn:  Reset permissions on all sub-objects and enable
                             propagation of inherited permissions. The
                             parameter '-rst' controls whether to do this for
                             the DACL, the SACL, or both.

TrusteeAction:   Action to perform on trustee specified:

                 remtrst:    Remove all ACEs belonging to trustee specified.
                 repltrst:   Replace trustee 'n1' by 'n2' in all ACEs.
                 cpytrst:    Copy the permissions for trustee 'n1' to 'n2'.

DomainAction:    Action to perform on domain specified:

                 remdom:     Remove all ACEs belonging to trustees of domain
                             specified.
                 repldom:    Replace trustees from domain 'n1' by trustees with
                             same name from domain 'n2' in all ACEs.
                 cpydom:     Copy permissions from trustees from domain 'n1' to
                             trustees with same name from domain 'n2' in all
                             ACEs.

Trustee:         Name or SID of trustee (user or group). Format:

                 a) [(computer | domain)\]name

                 Where:

                 computer:   DNS or NetBIOS name of a computer -> 'name' must
                             be a local account on that computer.
                 domain:     DNS or NetBIOS name of a domain -> 'name' must
                             be a domain user or group.
                 name:       user or group name

                 If no computer or domain name is given, SetACL tries to find
                 a SID for 'name' in the following order:

                 1. built-in accounts and well-known SIDs
                 2. local accounts
                 3. primary domain
                 4. trusted domains

                 b) SID string

Domain:          Name of a domain (NetBIOS or DNS name).

Permission:      Permission to set. Validity of permissions depends on the
                 object type (see below). Comma separated list.

                 Example:    'read,write_ea,write_dacl'

IsSID:           Is the trustee name a SID?

                 y:          Yes
                 n:          No

DisplaySID:      Display trustee names as SIDs?

                 y:          Yes
                 n:          No
                 b:          Both (names and SIDs)

Inheritance:     Inheritance flags for the ACE. This may be a comma separated
                 list containing the following:

                 so:         sub-objects
                 sc:         sub-containers
                 np:         no propagation
                 io:         inherit only

                 Example:    'io,so'

Mode:            Access mode of this ACE:

                 a) DACL:

                 set:        Replace all permissions for given trustee by
                             those specified.
                 grant:      Add permissions specified to existing permissions
                             for given trustee.
                 deny:       Deny permissions specified.
                 revoke:     Remove permissions specified from existing
                             permissions for given trustee.

                 b) SACL:

                 aud_succ:   Add an audit success ACE.
                 aud_fail:   Add an audit failure ACE.
                 revoke:     Remove permissions specified from existing
                             permissions for given trustee.

Where:           Apply settings to DACL, SACL, or both (comma separated list):

                 dacl
                 sacl
                 dacl,sacl

Recursion:       Recursion settings, depends on object type:

                 a) file:

                 no:         No recursion.
                 cont:       Recurse, and process directories only.
                 obj:        Recurse, and process files only.
                 cont_obj:   Recurse, and process directories and files.

                 b) reg:

                 no:         Do not recurse.
                 yes:        Do Recurse.

Protection:      Controls the flag 'allow inheritable permissions from the
                 parent object to propagate to this object':

                 nc:         Do not change the current setting.
                 np:         Object is not protected, i.e. inherits from
                             parent.
                 p_c:        Object is protected, ACEs from parent are
                             copied.
                 p_nc:       Object is protected, ACEs from parent are not
                             copied.

Format:          Which list format to use:

                 sddl:       Standardized SDDL format. Only listings in this
                             format can be restored.
                 csv:        SetACL's csv format.
                 tab:        SetACL's tabular format.

What:            Which components of security descriptors to include in the
                 listing. (comma separated list):

                 d:          DACL
                 s:          SACL
                 o:          Owner
                 g:          Primary group

                 Example:    'd,s'

ListInherited:   List inherited permissions?

                 y:          Yes
                 n:          No

Filename:        Name of a (unicode) file used for list/backup/restore
                 operations or logging.

Keyword:         Keyword to filter object names by. Names containing this
                 keyword are not processed.

-R-E-M-A-R-K-S--------------------------------------------------------

Required parameters (all others are optional):

                 -on         (Object name)
                 -ot         (Object type)

Parameters that may be specified more than once:

                 -actn       (Action)
                 -ace        (Access control entry)
                 -trst       (Trustee)
                 -dom        (Domain)
                 -fltr       (Filter keyword)

Only actions specified by parameter(s) '-actn' are actually performed,
regardless of the other options set.

Order in which multiple actions are processed:

                 1. restore
                 2. clear
                 3. trustee
                 4. domain
                 5. ace, setowner, setgroup, setprot
                 6. rstchldrn
                 7. list

-V-A-L-I-D--P-E-R-M-I-S-S-I-O-N-S-------------------------------------

a) Standard permission sets (combinations of specific permissions)

   Files / Directories:

                 read:          Read
                 write:         Write
                 list_folder:   List folder
                 read_ex:       Read, execute
                 change:        Change
                 profile:       = change + write_dacl
                 full:          Full access

   Printers:

                 print:         Print
                 man_printer:   Manage printer
                 man_docs:      Manage documents
                 full:          Full access

   Registry:

                 read:          Read
                 full:          Full access

   Service:

                 read:          Read
                 start_stop:    Start / Stop
                 full:          Full access

   Share:

                 read:          Read
                 change:        Change
                 full:          Full access

b) Specific permissions

   Files / Directories:

                 traverse:      Traverse folder / execute file
                 list_dir:      List folder / read data
                 read_attr:     Read attributes
                 read_ea:       Read extended attributes
                 add_file:      Create files / write data
                 add_subdir:    Create folders / append data
                 write_attr:    Write attributes
                 write_ea:      Write extended attributes
                 del_child:     Delete subfolders and files
                 delete:        Delete
                 read_dacl:     Read permissions
                 write_dacl:    Write permissions
                 write_owner:   Take ownership

   Registry:

                 query_val:     Query value
                 set_val:       Set value
                 create_subkey: Create subkeys
                 enum_subkeys:  Enumerate subkeys
                 notify:        Notify
                 create_link:   Create link
                 delete:        Delete
                 write_dacl:    Write permissions
                 write_owner:   Take ownership
                 read_access:   Read control
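
The processing order in the remarks above puts 'list' last, so a single run that combines '-actn ace' with '-actn list' records the permissions after the change, not before it. The following PowerShell sketch is an added example, not part of the SetACL distribution: it takes the SDDL backup in a separate run, applies one inheritable grant, and lists again for comparison. The target path, the trustee, the backup directory, SetACL.exe being on PATH, and a non-zero exit code meaning failure are all assumptions.

```powershell
# Added example: constructed path and trustee; SetACL.exe is assumed to be on PATH.
$Target  = 'C:\Data\Projects'          # constructed object name
$Trustee = 'CONTOSO\ProjectReaders'    # hypothetical domain group
$Stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$Before  = "C:\AclBackup\projects-$Stamp-before.txt"
$After   = "C:\AclBackup\projects-$Stamp-after.txt"

function Invoke-SetACL {
    param([string[]]$Arguments)
    & SetACL.exe @Arguments
    # Assumption: a non-zero exit code means the run failed.
    if ($LASTEXITCODE -ne 0) {
        throw "SetACL failed ($LASTEXITCODE): $($Arguments -join ' ')"
    }
}

New-Item -ItemType Directory -Path (Split-Path $Before) -Force | Out-Null

# 1. Backup in its own run. Only 'f:sddl' listings can be restored, and
#    'w:d,o,g' captures DACL, owner and primary group for files and directories.
Invoke-SetACL @('-on', $Target, '-ot', 'file', '-actn', 'list',
                '-lst', 'f:sddl;w:d,o,g', '-rec', 'cont_obj',
                '-bckp', $Before)

# 2. The change: add read/execute for the trustee on top of existing
#    permissions (m:grant), inherited by sub-objects and sub-containers.
#    'm:set' would instead replace whatever the trustee already had.
Invoke-SetACL @('-on', $Target, '-ot', 'file', '-actn', 'ace',
                '-ace', "n:$Trustee;p:read_ex;s:n;i:so,sc;m:grant;w:dacl")

# 3. Second listing, to compare against the backup and keep as a change record.
Invoke-SetACL @('-on', $Target, '-ot', 'file', '-actn', 'list',
                '-lst', 'f:sddl;w:d,o,g', '-rec', 'cont_obj',
                '-bckp', $After)

# Files changed by the run show up as differing SDDL lines.
Compare-Object (Get-Content $Before) (Get-Content $After)

# Rollback, if the comparison shows anything unexpected:
# Invoke-SetACL @('-on', $Target, '-ot', 'file', '-actn', 'restore', '-bckp', $Before)
```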
Generated: Tue Mar 17 22:47:18 2015 | Cross-referenced by PHPXref 0.7.1 |